CVE-2018-1223: CFCR leaks credentials to application logs

Severity

High

Vendor

Cloud Foundry Foundation

Affected Cloud Foundry Products and Versions

kubo-release versions prior to 0.14.0

Description

Cloud Foundry Container Runtime (kubo-release), versions prior to 0.14.0, may leak UAA and vCenter credentials to application logs. A malicious user with the ability to read the application logs could use these credentials to escalate privileges.

Mitigation

Users of affected versions should apply the following mitigations or upgrades:

Releases that have fixed this issue include:
- kubo-release versions 0.14.0

History

2018-09-14: Initial vulnerability report published.

CVE-2018-1223: CFCR leaks credentials to application logs

CVE-2018-1223: CFCR leaks credentials to application logs

Severity

Vendor

Affected Cloud Foundry Products and Versions

Description

History

You Might Also Like

USN-5379-1: klibc vulnerabilities

USN-5613-1: Vim vulnerabilities

CVE-2017-4961: BOSH Director Shell Injection Vulnerabilities

Sign up for the Cloud Foundry Newsletter today!

Sign up for the
Cloud Foundry Newsletter today!